3 files changed, 14 insertions, 3 deletions

diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php
index 49999520..72927c71 100644
--- a/modules/rest/helpers/rest.php
+++ b/modules/rest/helpers/rest.php
@@ -39,7 +39,12 @@ class rest_Core {
 
   static function set_active_user($access_key) {
     if (empty($access_key)) {
-      throw new Rest_Exception("Forbidden", 403);
+      if (module::get_var("rest", "allow_guest_access")) {
+        identity::set_active_user(identity::guest());
+        return;
+      } else {
+        throw new Rest_Exception("Forbidden", 403);
+      }
     }
 
     $key = ORM::factory("user_access_key")
diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php
index aeb9573e..c2694a29 100644
--- a/modules/rest/helpers/rest_installer.php
+++ b/modules/rest/helpers/rest_installer.php
@@ -28,7 +28,8 @@ class rest_installer {
                 UNIQUE KEY(`access_key`),
                 UNIQUE KEY(`user_id`))
               DEFAULT CHARSET=utf8;");
-    module::set_version("rest", 2);
+    module::set_var("rest", "allow_guest_access", false);
+    module::set_version("rest", 3);
   }
 
   static function upgrade($version) {
@@ -37,6 +38,11 @@ class rest_installer {
       $db->query("RENAME TABLE {user_access_tokens} TO {user_access_keys}");
       module::set_version("rest", $version = 2);
     }
+
+    if ($version == 2) {
+      module::set_var("rest", "allow_guest_access", false);
+      module::set_version("rest", $version = 3);
+    }
   }
 
   static function uninstall() {
diff --git a/modules/rest/module.info b/modules/rest/module.info
index 3ab7e165..4b6b5464 100644
--- a/modules/rest/module.info
+++ b/modules/rest/module.info
@@ -1,4 +1,4 @@
 name = "REST Access Module"
 description = "The RESTful implementation/interface to Gallery3"
 
-version = 2
+version = 3